Echo Protocol suspends Monad bridge after key breach
A compromised admin key let an attacker mint 1,000 eBTC on Echo’s Monad deployment; Echo suspended the bridge after realizing losses were about $816,000 due to low liquidity.
On May 18 Echo Protocol suspended its bridge on the Monad blockchain after a compromised administrative key allowed an attacker to mint 1,000 eBTC, a paper value of about $76.7 million. Security firms Peckshield and Lookonchain reported the attacker used the stolen key to grant their wallet minting privileges. Local markets lacked the liquidity to convert the full amount, limiting realized losses to roughly $816,000.
After minting the tokens, the attacker deposited 45 eBTC as collateral in the Curvance lending market and borrowed 11.29 WBTC against that collateral. Those WBTC were bridged to the Ethereum network, swapped for ether, and about 385 ETH from the proceeds was routed into Tornado Cash. Because the decentralized lending pools on Monad were shallow, the exploiter was unable to convert the full value of the minted eBTC into on-chain liquidity.
Echo’s developers regained control of the compromised administrative key and burned the remaining 955 eBTC that remained in the attacker’s wallet. The protocol suspended the Monad bridge while teams investigate. Echo described the incident as an operational access-control failure in key management rather than a flaw in its smart contract code and said it is upgrading Ethereum Virtual Machine bridge contracts and tightening permission controls.
Curvance paused the affected eBTC market and reported that its isolated market design prevented the exploit from spreading to other lending pools. Curvance found no evidence that its own smart contracts were breached. Keone Hon, co-founder of Monad, confirmed that “Monad was not affected and continues to operate normally,” and said the issue was limited to the application and its bridge deployment.
Echo emphasized that its Aptos deployment was not impacted, noting that aBTC on Aptos and eBTC on Monad are separate, non-interoperable assets. Security teams and the protocol continue to trace the stolen funds and assess the incident. The Monad bridge remains offline while Echo implements contract and permission changes and completes its investigation.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
